Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
The 2018 cyberattack on the Pyeongchang Olympics, known as Olympic Destroyer, was attributed to the GRU, Russia's military intelligence agency. This same group, GRU Unit 74455, was implicated in other high-profile cyberattacks, including the interference in the 2016 US election. The malware used in the Olympics attack shared similarities with previous Russian hacking operations, indicating a pattern of behavior by the same group [90347].
(b) The software failure incident having happened again at multiple_organization:
The cyberattack on the Pyeongchang Olympics also targeted other entities connected to the Olympics, such as Atos, an IT services provider in France, and two ski resorts in Pyeongchang. The attack on the ski resorts resulted in the temporary paralysis of automated ski gates and ski lifts. This incident highlights how the same malware and tactics were used against multiple organizations related to the Olympics [90347]. |
Phase (Design/Operation) |
design, operation |
The software failure incident at the 2018 Winter Olympics in Pyeongchang, South Korea, was primarily due to a cyberattack that disrupted the IT infrastructure during the opening ceremony [90347]. The incident involved the shutdown of domain controllers in the Seoul data centers, leading to various issues such as the inability to print tickets, malfunctioning Wi-Fi, black screens on internet-linked TVs, and a broken official app with digital ticketing functions. The attack caused a significant disruption to the IT setup, affecting services crucial for the smooth operation of the Olympics, including meals, hotel reservations, and event ticketing.
The incident can be attributed to both the design and operation phases of the system. In terms of design, the attack exploited vulnerabilities in the IT infrastructure that were likely introduced during system development and updates. The malware used in the attack, named Olympic Destroyer, was sophisticated and deceptive, utilizing false flags and misdirection to confuse forensic analysts and attribution efforts. This level of deception showcased the evolving tactics of cyber attackers in creating chaos and uncertainty in their targets.
Regarding the operation phase, the attack impacted the day-to-day operation of the IT systems during a critical event like the Olympics' opening ceremony. The disruption caused by the cyberattack required immediate response and mitigation efforts from the technology operations center staff, who had to work frantically to rebuild the digital nervous system of the Olympics to restore essential services. The incident highlighted the importance of operational readiness and response capabilities in handling unexpected failures and attacks on critical systems. |
Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident at the Pyeongchang Olympics was primarily within the system. The incident involved a cyberattack that targeted the Olympics' IT infrastructure, specifically the domain controllers and servers, causing widespread disruptions such as Wi-Fi outages, blackouts on internet-linked TVs, and malfunctioning RFID security gates [90347].
(b) The software failure incident also had contributing factors that originated from outside the system. The attack was sophisticated and deceptive, involving false flags and misdirection to confuse investigators and analysts. The attackers attempted to frame North Korea for the cyberattack on the Olympics, while the actual perpetrators were identified as Russian hackers from the GRU military intelligence agency [90347]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article was primarily due to non-human actions, specifically a cyberattack on the IT infrastructure of the Pyeongchang Olympics organizing committee during the opening ceremony of the 2018 Winter Olympics. The attack involved malware named Olympic Destroyer, which disrupted various systems such as Wi-Fi, internet-linked TVs, RFID-based security gates, and the official Olympics app [90347].
(b) Human actions also played a role in the incident, as the attackers behind the cyberattack were identified as the GRU, a Russian military intelligence agency. The attack involved deceptive techniques, false flags, and sophisticated methods to mislead investigators and attribute the attack to other potential culprits such as North Korea or China. The incident highlighted the challenges of attribution in cybersecurity and the potential consequences of false accusations [90347]. |
Dimension (Hardware/Software) |
software |
The software failure incident reported in the articles was primarily due to contributing factors originating in software rather than hardware. The incident involved a cyberattack on the Pyeongchang Olympics' IT infrastructure during the opening ceremony, resulting in the shutdown of domain controllers, disruption of services like Wi-Fi, internet-linked TVs, and the official app, and the need to isolate the network from the internet to contain the attack [90347]. The attack was sophisticated, involving malware named Olympic Destroyer, which was designed to deceive investigators by planting false flags pointing to multiple potential culprits, including Russia, North Korea, and China. Ultimately, the attack was attributed to the GRU, a Russian military intelligence agency, specifically GRU Unit 74455, based in Moscow, which had also been involved in other high-profile cyber operations, including interference in the 2016 US election [90347]. |
Objective (Malicious/Non-malicious) |
malicious |
The software failure incident at the Pyeongchang Olympics was a malicious attack orchestrated by the GRU, Russia's military intelligence agency. The attack, known as Olympic Destroyer, was designed to disrupt the Olympics' IT infrastructure and create chaos during the opening ceremony. The attackers used sophisticated deception techniques, including false flags and misdirection, to frame other potential culprits such as North Korea and China. The incident involved the deployment of malware-laced Word documents to gain access to the network, leading to the shutdown of critical systems like Wi-Fi, security gates, and the official app [90347]. The attack was part of a broader campaign by the GRU, which had previously targeted the 2016 US election and Ukrainian organizations [90347]. The incident highlighted the increasing use of false flags in cyberattacks, making attribution challenging and potentially leading to significant geopolitical consequences [90347]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
The software failure incident at the 2018 Winter Olympics, known as Olympic Destroyer, was a deliberate cyberattack orchestrated by the GRU, Russia's military intelligence agency. The attack was designed to disrupt the Olympics' IT infrastructure and create chaos during the opening ceremony. The attackers used sophisticated deception techniques, including false flags and misdirection, to attribute the attack to other potential culprits such as North Korea or China. The intent behind the attack was to sow confusion, undermine trust, and cause disruption without a clear purpose [90347]. This deliberate and malicious intent categorizes the software failure incident as a case of poor_decisions, where the contributing factors were introduced by intentional and malicious actions rather than accidental decisions. |
Capability (Incompetence/Accidental) |
development_incompetence |
The software failure incident at the Pyeongchang Olympics, known as the Olympic Destroyer attack, was a sophisticated cyberattack that involved deceptive techniques to mislead investigators and confound attribution. The attack was attributed to the Russian military intelligence agency, the GRU, specifically GRU Unit 74455, based in Moscow [90347].
(a) The incident can be categorized as a failure due to development incompetence, as the attackers used false flags and deceptive techniques to mislead investigators and confound attribution, showcasing a high level of sophistication in their attack strategy.
(b) The incident can also be categorized as an accidental failure, as the attack was designed to appear as if it was carried out by North Korea, creating confusion and misdirection in the investigation process. |
Duration |
temporary |
The software failure incident at the 2018 Winter Olympics in Pyeongchang, South Korea, was temporary. The incident involved a cyberattack that disrupted the IT infrastructure during the opening ceremony, causing issues such as Wi-Fi outages, black screens on internet-linked TVs, malfunctioning RFID security gates, and a broken official app for the Olympics [90347]. The incident lasted for approximately 12 hours, starting just before 8 pm on the day of the opening ceremony and ending around 8 am the next morning after the IT staff worked frantically to rebuild the servers and restore services [90347]. |
Behaviour |
crash, omission, other |
(a) crash: The software failure incident described in the articles can be categorized as a crash. The incident involved the system losing its state and not performing its intended functions during the opening ceremony of the 2018 Winter Olympics in Pyeongchang, South Korea. The failure resulted in the shutdown of domain controllers in the Seoul data centers, leading to various issues such as Wi-Fi outages, black screens on internet-linked TVs, malfunctioning RFID security gates, and a broken official app for the Olympics [90347].
(b) omission: The software failure incident can also be categorized as an omission. The system omitted to perform its intended functions, such as allowing attendees to print tickets for entry into the stadium, distributing Wi-Fi hotspots to reporters, and providing access to the Olympics app with schedules, hotel information, and maps. These omissions caused confusion and disruptions during the event [90347].
(c) timing: The timing of the software failure incident can be considered as a factor contributing to the failure. The incident occurred just before the opening ceremony of the Olympics, leading to a series of issues that affected the smooth running of the event. The system's failure to perform its functions correctly at the critical moment of the ceremony highlighted the timing aspect of the failure [90347].
(d) value: The software failure incident can also be attributed to a failure in value. The system failed to provide value to the attendees, athletes, and organizers of the Olympics by disrupting essential services such as Wi-Fi connectivity, security access through RFID systems, and access to critical information via the official app. The incorrect performance of these functions diminished the overall value of the event [90347].
(e) byzantine: The software failure incident does not align with a byzantine failure, which involves erroneous behavior with inconsistent responses and interactions. The incident described in the articles primarily focused on the system's shutdown, loss of functionality, and disruptions caused by the cyberattack during the opening ceremony of the Olympics [90347].
(f) other: The software failure incident can be categorized as a combination of various behaviors, including system shutdown (crash), omission of critical functions, timing issues, and failure to deliver value to users. The incident involved a complex set of failures that impacted the smooth operation of the event and required urgent response and recovery efforts to mitigate the disruptions [90347]. |